Making the invisible visible Method Results A theory of security - PowerPoint PPT Presentation

Making the invisible visible S. Faily, I. Fléchais Introduction Making the invisible visible Method Results A theory of security culture for secure and usable grids Cases What is Security Culture? Guidelines Future work S. Faily I. Fléchais Summary References Computing Laboratory University of Oxford UK e-Science All Hands Meeting 2008

Making the invisible Introduction visible S. Faily, Why Security Culture I. Fléchais Introduction • Values conflict. Method • Existing understanding based on inappropriate Results Cases contexts. What is Security Culture? • Tools are value-free and not contextualised. Guidelines Future work Summary References

Making the invisible Method visible S. Faily, I. Fléchais Introduction Method Results Cases What is Security 1 Grounded Theory [Corbin and Strauss, 2008] analysis Culture? Guidelines from existing literature. Future work 2 Comparative model derived from empirical data. Summary References 3 Theoretical and empirical models applied to a secure design process.

Making the invisible Case Studies visible S. Faily, NeuroGrid I. Fléchais Introduction Method • A grid based collaborative research environment Results [Geddes et al, 2006]. Cases What is Security • 3 clinical exemplars : Stroke, Dementia and Psychosis. Culture? Guidelines • Data both sensitive and distributed. Future work Summary References

Making the invisible Case Studies visible S. Faily, Security Development Lifecycle I. Fléchais • A software development process for developing secure Introduction software [Howard and Lipner, 2006, Method Microsoft Corporation, 2008]. Results Cases • Pragmatic : based on Microsoft’s experience securing What is Security Culture? Windows 2000, .NET and Windows Server 2003. Guidelines Future work • Prescriptive: guidance for all stages of the secure Summary software development lifecycle. References

Making the invisible What is Security Culture? visible S. Faily, A combination of tangible and intangible factors within both I. Fléchais an organisation’s culture and its subcultures. Introduction Method Visible Tangible == Results Factors Cases What is Security [] [] [] Culture? Guidelines Socio- Technical Procedural Security Technical [] Controls Controls Future work Policy Measures Summary => => => => References Sub- Cultures Security Perception => Sub-culture Socialisation norms Responsibility Compliant [] [] [] [] Behaviour [] Intangible == Factors Invisible Label Relation == C is-associated-with C2 [] C1 is-part-of C2 => C1 is-cause-of C2

Making the invisible Guideline 1 visible S. Faily, Have a single, visible, security policy I. Fléchais Introduction Method Results Cases • Statements of What is Security Culture? Visible Tangible management intent. == Guidelines Factors [] [] [] Future work • Multiple forms of Socio- Technical Procedural Security Technical [] Controls Controls Measures Policy Summary procedural control lead to => => => => References Sub- Cultures multiple security Security Perception => perspectives. Sub-culture Socialisation norms Responsibility [] [] Compliant [] [] Behaviour • Reliance on social [] Intangible == Factors Invisible networks in lieu of visible policies.

Making the invisible Guideline 2 visible S. Faily, Leverage socialisation I. Fléchais Introduction Method Results • Socialisation is the Cases Visible Tangible process of developing == What is Security Factors Culture? [] [] [] Guidelines culturally acceptable Socio- Technical Procedural Security Technical [] Future work Controls Controls Policy Measures beliefs, values and => => => => Summary Sub- behaviours Cultures Security References Perception [Brown, 1998]. => Sub-culture Socialisation norms Responsibility Compliant [] [] [] • Certificate installation as [] Behaviour [] Intangible == Factors Invisible a rite of passage. • Compliance and socialisation synonymous in the SDL.

Making the invisible Guideline 3 visible S. Faily, Model lines of responsibility I. Fléchais Introduction Method Results • Literature : Cases Visible Tangible organisational and moral == What is Security Factors Culture? [] [] [] Guidelines responsibility. Socio- Technical Procedural Security Technical [] Future work Controls Controls Policy Measures • NeuroGrid : various and => => => => Summary Sub- Cultures split between technical Security References Responsibility => Perception controls and assets. Sub-culture Socialisation norms [] Compliant [] [] [] Behaviour • Ambiguity identified by [] Intangible == Factors Invisible modelling lines of responsibility before implementing a security policy.

Making the invisible Guideline 4 visible S. Faily, Know your subcultures I. Fléchais Introduction Method • Evident in NeuroGrid Results Cases when asking users to What is Security Visible Culture? Tangible describe how data was == Factors Guidelines [] [] [] handled. Future work Socio- Technical Procedural Security Technical [] Controls Controls Policy Measures Summary • Diffusion of => => => => Sub- References Cultures Responsibility Security Perception => [Darley and Latané, 1970]. Sub-culture Socialisation norms Responsibility Compliant [] [] [] [] Behaviour • Understanding values [] Intangible == Factors Invisible helps to determine whether security will be sacrificed for operational goals.

Making the invisible Future work visible S. Faily, Value Sensitive Design and the design process I. Fléchais Introduction • Identifies impacting Method human values and Results Cases integrates them into the Artifact What is Security Culture? design process. Guidelines Contexts Future work • Conceptual, Empirical Conceptual Technical Empirical Summary Investigation Investigation Investigation and Technical References Investigation. • Supplements existing Values design processes. Direct & Core Indirect • Precedents in secure Values Stakeholder Values and usable design [Friedman et al., 2002, Friedman et al., 2005, Friedman et al., 2006]

Making the invisible Future work visible S. Faily, Augmenting Value Sensitive Design I. Fléchais Introduction Method • Conceptual Investigation. Results • Augment with additional values. Cases What is Security • Empirical Investigation. Culture? Guidelines • Responsibility modelling. Future work • Technical Investigation. Summary References • Implications of augmenting the approach. Guideline Value Have a single, visible security policy Compliant Behaviour Leverage socialisation Socialisation Model lines of responsibility Responsibility Understand your subcultures Sub-culture norms

Making the invisible Summary visible S. Faily, Contributions I. Fléchais Introduction Method Results Cases What is Security Culture? Guidelines • Security Culture : what is it and why do we need it. Future work • Guidelines for a healthy security culture. Summary References • An agenda for incorporating insights into the secure design process.

Making the invisible References I visible S. Faily, I. Fléchais Introduction Brown, A. (1998). Method Organisational Culture . Results Prentice Hall, 2nd edition. Cases What is Security Culture? Corbin, J. M. and Strauss, A. L. (2008). Guidelines Future work Basics of qualitative research : techniques and Summary procedures for developing grounded theory . References Sage Publications, Inc., 3rd edition. Darley, J. M. and Latané, B. (1970). Norms and normative behaviour: field studies of social interdependence. In Berkowitz, L. and Macaulay, J., editors, Altruism and Helping Behaviour . Academic Press.

Making the invisible References II visible S. Faily, I. Fléchais Introduction Friedman, B., Howe, D., and Felten, E. (2002). Method Informed consent in the mozilla browser: implementing Results Cases value-sensitive design. What is Security Culture? System Sciences, 2002. HICSS. Proceedings of the Guidelines Future work 35th Annual Hawaii International Conference on , pages Summary 10 pp.–. References Friedman, B., Lin, P ., and Miller, J. K. (2005). Informed consent by design. In Cranor, L. F . and Garfinkel, S., editors, Security and Usability: Designing Secure Systems that People Can Use . O’Reilly Media.

Making the invisible References III visible S. Faily, I. Fléchais Introduction Friedman, B., Smith, I., Kahn Jr., P . H., Consolvo, S., Method and Selawski, J. (2006). Results Development of a privacy addendum for open source Cases What is Security Culture? licenses: Value sensitive design in industry. Guidelines In Dourish, P . and Friday, A., editors, Ubicomp 2006 , Future work LNSC 2006, pages 194–211. Springer-Verlag Berlin Summary Heidelberg. References Geddes et al (2006). The challenges of developing a collaborative data and compute grid for neurosciences. Computer-Based Medical Systems, 2006. CBMS 2006. 19th IEEE International Symposium on , pages 81–86.